Cisco Releases Three Security Advisories
The Cisco Service Control Engine contains three vulnerabilities that could allow an attacker to completely reload the SCE. The errors could potentially be triggered during a login activity within an aggressive timeframe or by normal login activity in combination with other control engine management activities. The vulnerabilities could also be triggered during SSH login through specific actions regarding invalid authentication credentials.
The Secure Shell server in Cisco IOS also contains numerous vulnerabilities that could enable an unauthenticated user to create a memory access error or, in certain cases, use the vulnerability to reload the device.
Meanwhile, the third Cisco advisory warns of a privilege escalation error in the Cisco Unified Customer Voice Portal that could allow a potential attacker to create, modify or delete an account with elevated priveleges.
While there are no immediate workarounds, Cisco has released software upgrades addressing the vulnerabilities found in the Service Control Engine and Customer Voice Portal, which are available for free to affected customers.
None of the vulnerabilities allow an attacker to execute remote code execution. However, a posting on the SANS Institute Web site warned that with memory access issues that lead to a Denial of Service, "thoughts immediately go to arbitrary code execution."
"There is no evidence that this is possible, but in light of the recent work in IOS rootkits, vulnerabilities Cisco devices should not be taken lightly," SANS said.
So far, however, there are no known exploits loose in the wild.
SANS said that CORE Security researcher Sebastian Muniz is scheduled to release a proof of concept Cisco IOS rootkit Thursday at EuSecWest Conference in London.